Credit: Thinkstock In the latest attack involving malicious advertisements, hackers managed to launch Flash Player exploits against the visitors of several popular porn websites.It’s not clear how many users were impacted, but the affected websites have over 250 million monthly visits combined, according to researchers from Malwarebytes who spotted and analyzed the attack.The malicious ads were posted through an advertising network called AdXpansion that was abused in similar incidents in the past.The attackers managed to distribute through the network a Flash-based ad that attempted to exploit a vulnerability in Flash Player. The flaw affects Flash Player through version 17.0.0.134, which was released within the last two months, the Malwarebytes researchers said in a blog post Thursday. Affected sites listed in the blog post include Drtuber.com, Nuvid.com, Hardsextube.com and Justporno.tv.Unlike more subtle malvertising attacks, where rogue ads redirect the user’s browser to a third-party server that hosts an exploit kit, in this attack the ad launched the exploit code directly. This approach might be an attempt to evade detection by security tools that track exploit kit servers and traffic patterns.“It is interesting to see the trend of exploit kits taking the appearance of advertisers by leveraging Flash for serving the ‘creative’ and exploit in one single package,” the researchers said. “It is a minimalist type of approach which seems to work quite efficiently.”Malvertising attacks have been frequent occurrences in recent months and have affected a large number of ad networks, despite efforts from their owners to prevent them.On Thursday, security researchers from Trend Micro reported a separate attack, where cybercriminals posted malicious ads through the compromised servers of an advertising company called Mad Ads Media. Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe